SQL Injection Vulnerability in Tianchoy Blog by Tianchoy
CVE-2023-43381

7.5HIGH

Key Information:

Vendor: Tianchoy
Status: Blog
Vendor: CVE Published:; 27 September 2023

Summary

A vulnerability in Tianchoy Blog v1.8.8 enables remote attackers to exploit SQL Injection via the 'id' parameter in the login.php file. By manipulating this parameter, attackers can gain unauthorized access to sensitive information stored in the database. It is vital for users of this platform to apply necessary security measures and updates to mitigate this risk.

References

https://github.com/Chiaki2333/vulnerability/blob/main/tia...

https://gist.github.com/Chiaki2333/59ef607c3eb3a7b4db1537...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 27, 2023
Vulnerability Reserved
Sep 18, 2023